247 lines
8.0 KiB
JavaScript
247 lines
8.0 KiB
JavaScript
"use strict";
|
|
|
|
var _interopRequireWildcard = require("@babel/runtime/helpers/interopRequireWildcard");
|
|
|
|
var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault");
|
|
|
|
Object.defineProperty(exports, "__esModule", {
|
|
value: true
|
|
});
|
|
exports.deriveSecret = exports.verify = exports.sign = exports.generateKey = void 0;
|
|
|
|
var _regenerator = _interopRequireDefault(require("@babel/runtime/regenerator"));
|
|
|
|
var _asyncToGenerator2 = _interopRequireDefault(require("@babel/runtime/helpers/asyncToGenerator"));
|
|
|
|
var _params = _interopRequireDefault(require("./params.js"));
|
|
|
|
var asn1enc = _interopRequireWildcard(require("./asn1enc.js"));
|
|
|
|
var _jsCryptoKeyUtils = require("js-crypto-key-utils");
|
|
|
|
var _jsEncodingUtils = _interopRequireDefault(require("js-encoding-utils"));
|
|
|
|
/**
|
|
* nodeapi.js
|
|
*/
|
|
|
|
/**
|
|
* Generate elliptic curve cryptography public/private key pair. Generated keys are in JWK.
|
|
* @param {String} namedCurve - Name of curve like 'P-256'.
|
|
* @param {Object} nodeCrypto - NodeCrypto object.
|
|
* @return {Promise<{publicKey: JsonWebKey, privateKey: JsonWebKey}>} - The generated keys.
|
|
* @throws {Error} - Throws if NotPublic/PrivateKeyForECCKeyGenNode
|
|
*/
|
|
var generateKey =
|
|
/*#__PURE__*/
|
|
function () {
|
|
var _ref = (0, _asyncToGenerator2.default)(
|
|
/*#__PURE__*/
|
|
_regenerator.default.mark(function _callee(namedCurve, nodeCrypto) {
|
|
var ecdh, publicOct, privateOct, publicKey, publicJwk, privateKey, privateJwk;
|
|
return _regenerator.default.wrap(function _callee$(_context) {
|
|
while (1) {
|
|
switch (_context.prev = _context.next) {
|
|
case 0:
|
|
ecdh = nodeCrypto.ECDH(_params.default.namedCurves[namedCurve].nodeName);
|
|
ecdh.generateKeys();
|
|
publicOct = new Uint8Array(ecdh.getPublicKey());
|
|
privateOct = new Uint8Array(ecdh.getPrivateKey());
|
|
publicKey = new _jsCryptoKeyUtils.Key('oct', publicOct, {
|
|
namedCurve: namedCurve
|
|
});
|
|
|
|
if (!publicKey.isPrivate) {
|
|
_context.next = 7;
|
|
break;
|
|
}
|
|
|
|
throw new Error('NotPublicKeyForECCKeyGenNode');
|
|
|
|
case 7:
|
|
_context.next = 9;
|
|
return publicKey.export('jwk', {
|
|
outputPublic: true
|
|
});
|
|
|
|
case 9:
|
|
publicJwk = _context.sent;
|
|
privateKey = new _jsCryptoKeyUtils.Key('oct', privateOct, {
|
|
namedCurve: namedCurve
|
|
});
|
|
|
|
if (privateKey.isPrivate) {
|
|
_context.next = 13;
|
|
break;
|
|
}
|
|
|
|
throw new Error('NotPrivateKeyForECCKeyGenNode');
|
|
|
|
case 13:
|
|
_context.next = 15;
|
|
return privateKey.export('jwk');
|
|
|
|
case 15:
|
|
privateJwk = _context.sent;
|
|
return _context.abrupt("return", {
|
|
publicKey: publicJwk,
|
|
privateKey: privateJwk
|
|
});
|
|
|
|
case 17:
|
|
case "end":
|
|
return _context.stop();
|
|
}
|
|
}
|
|
}, _callee);
|
|
}));
|
|
|
|
return function generateKey(_x, _x2) {
|
|
return _ref.apply(this, arguments);
|
|
};
|
|
}();
|
|
/**
|
|
* Sign message with ECDSA.
|
|
* @param {Uint8Array} msg - Byte array of message to be signed.
|
|
* @param {JsonWebKey} privateJwk - Private key object in JWK format.
|
|
* @param {String} hash - Name of hash algorithm used in singing, like 'SHA-256'.
|
|
* @param {String} signatureFormat - Signature format, 'raw' or 'der'
|
|
* @param {Object} nodeCrypto - NodeCrypto object.
|
|
* @return {Promise<Uint8Array>} - Output signature byte array in raw or der format.
|
|
* @throws {Error} - Throws if NotPrivateKeyForECCSignNode.
|
|
*/
|
|
|
|
|
|
exports.generateKey = generateKey;
|
|
|
|
var sign =
|
|
/*#__PURE__*/
|
|
function () {
|
|
var _ref2 = (0, _asyncToGenerator2.default)(
|
|
/*#__PURE__*/
|
|
_regenerator.default.mark(function _callee2(msg, privateJwk, hash, signatureFormat, nodeCrypto) {
|
|
var privateKey, privatePem, sign, asn1sig;
|
|
return _regenerator.default.wrap(function _callee2$(_context2) {
|
|
while (1) {
|
|
switch (_context2.prev = _context2.next) {
|
|
case 0:
|
|
privateKey = new _jsCryptoKeyUtils.Key('jwk', privateJwk);
|
|
|
|
if (privateKey.isPrivate) {
|
|
_context2.next = 3;
|
|
break;
|
|
}
|
|
|
|
throw new Error('NotPrivateKeyForECCSignNode');
|
|
|
|
case 3:
|
|
_context2.next = 5;
|
|
return privateKey.export('pem');
|
|
|
|
case 5:
|
|
privatePem = _context2.sent;
|
|
sign = nodeCrypto.createSign(_params.default.hashes[hash].nodeName);
|
|
sign.update(msg);
|
|
asn1sig = sign.sign(privatePem);
|
|
return _context2.abrupt("return", signatureFormat === 'raw' ? asn1enc.decodeAsn1Signature(asn1sig, privateJwk.crv) : asn1sig);
|
|
|
|
case 10:
|
|
case "end":
|
|
return _context2.stop();
|
|
}
|
|
}
|
|
}, _callee2);
|
|
}));
|
|
|
|
return function sign(_x3, _x4, _x5, _x6, _x7) {
|
|
return _ref2.apply(this, arguments);
|
|
};
|
|
}();
|
|
/**
|
|
* Verify signature with ECDSA.
|
|
* @param {Uint8Array} msg - Byte array of message that have been signed.
|
|
* @param {Uint8Array} signature - Byte array of signature for the given message.
|
|
* @param {JsonWebKey} publicJwk - Public key object in JWK format.
|
|
* @param {String} hash - Name of hash algorithm used in singing, like 'SHA-256'.
|
|
* @param {String} signatureFormat - Signature format,'raw' or 'der'.
|
|
* @param {Object} nodeCrypto - NodeCrypto object.
|
|
* @return {Promise<boolean>} - The result of verification.
|
|
* @throws {Error} - Throws if NotPublicKeyForEccVerifyNode.
|
|
*/
|
|
|
|
|
|
exports.sign = sign;
|
|
|
|
var verify =
|
|
/*#__PURE__*/
|
|
function () {
|
|
var _ref3 = (0, _asyncToGenerator2.default)(
|
|
/*#__PURE__*/
|
|
_regenerator.default.mark(function _callee3(msg, signature, publicJwk, hash, signatureFormat, nodeCrypto) {
|
|
var publicKey, publicPem, verify, asn1sig;
|
|
return _regenerator.default.wrap(function _callee3$(_context3) {
|
|
while (1) {
|
|
switch (_context3.prev = _context3.next) {
|
|
case 0:
|
|
publicKey = new _jsCryptoKeyUtils.Key('jwk', publicJwk);
|
|
|
|
if (publicKey.isPrivate) {
|
|
_context3.next = 3;
|
|
break;
|
|
}
|
|
|
|
throw new Error('NotPrivateKeyForECCVerifyNode');
|
|
|
|
case 3:
|
|
_context3.next = 5;
|
|
return publicKey.export('pem', {
|
|
outputPublic: true,
|
|
compact: false
|
|
});
|
|
|
|
case 5:
|
|
publicPem = _context3.sent;
|
|
verify = nodeCrypto.createVerify(_params.default.hashes[hash].nodeName);
|
|
verify.update(msg);
|
|
asn1sig = signatureFormat === 'raw' ? asn1enc.encodeAsn1Signature(signature, publicJwk.crv) : signature;
|
|
return _context3.abrupt("return", verify.verify(publicPem, asn1sig));
|
|
|
|
case 10:
|
|
case "end":
|
|
return _context3.stop();
|
|
}
|
|
}
|
|
}, _callee3);
|
|
}));
|
|
|
|
return function verify(_x8, _x9, _x10, _x11, _x12, _x13) {
|
|
return _ref3.apply(this, arguments);
|
|
};
|
|
}();
|
|
/**
|
|
* Key Derivation for ECDH, Elliptic Curve Diffie-Hellman Key Exchange.
|
|
* @param {JsonWebKey} publicJwk - Remote public key object in JWK format.
|
|
* @param {JsonWebKey} privateJwk - Local (my) private key object in JWK format.
|
|
* @param {Object} nodeCrypto - NodeCrypto object.
|
|
* @return {Uint8Array} - The derived master secret via ECDH.
|
|
*/
|
|
|
|
|
|
exports.verify = verify;
|
|
|
|
var deriveSecret = function deriveSecret(publicJwk, privateJwk, nodeCrypto) {
|
|
var curve = _params.default.namedCurves[privateJwk.crv].nodeName;
|
|
var payloadSize = _params.default.namedCurves[privateJwk.crv].payloadSize;
|
|
var ecdh = nodeCrypto.createECDH(curve);
|
|
|
|
var privKeyBuf = _jsEncodingUtils.default.encoder.decodeBase64Url(privateJwk.d);
|
|
|
|
var pubKeyBuf = new Uint8Array(payloadSize * 2 + 1);
|
|
pubKeyBuf[0] = 0xFF & 0x04;
|
|
pubKeyBuf.set(_jsEncodingUtils.default.encoder.decodeBase64Url(publicJwk.x), 1);
|
|
pubKeyBuf.set(_jsEncodingUtils.default.encoder.decodeBase64Url(publicJwk.y), payloadSize + 1);
|
|
ecdh.setPrivateKey(privKeyBuf);
|
|
return new Uint8Array(ecdh.computeSecret(pubKeyBuf));
|
|
};
|
|
|
|
exports.deriveSecret = deriveSecret; |